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3) 0 Since this application is In concJition for allowance except for formal nnatters, prosecution as to the merits is 
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8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 
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DETAILED ACTION 

1 . Claims 1 -9 are pending. 

Response to Arguments 

2. Applicant's arguments filed 07-20-2005 have been fully considered but they are 
not persuasive. 

Applicant contends that Van Oorschot does not teach a table comprising a 
certificate authority filter. Examiner respectfully disagrees. Van Oorschort discloses a 
directory containing certification authority trust data of all certificate issuing unit as well 
as authority revocation lists and certificate revocation lists (see column 6, lines 60-65). It 
is clear that the directory 302 disclosed by Van Oorschort contains a list (table) for the 
trusted CAs and a list (table) for untrusted CAs . Therefore Van Oorschort teaches a 
table comprising a Certificate Authority filter. 

In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., "there are no relationship among the certificate authority filters in these 
tables") are not recited in the rejected claim(s). Although the claims are interpreted in 
light of the specification, limitations from the specification are not read into the claims. 
See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 
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Applicant contends that Van Oorschot does not mention discarding the 
certificate. Examiner respectfully disagrees. Van Oorschot teaches a list of revoked 
certificate (see column 6, lines 31-32). It is obvious by an ordinary skill in the art that the 
Van Oorschot's intent of revoking a certificate is to eliminate, void or disable the 
certificate, which is similar to discarding the certificate. Both revoking and discarding the 
certificate would eliminate the further use of the certificate. Therefor Van Oorschot 
teaches discarding the certificate. 

Applicant contends that Van Oorschot does not teach a table comprising a 
public key and the table thought by Van Oorschot does not contain certificate 
themselves or public key associated with the certificates. Examiner respectfully 
disagrees. Firstly Van Oorschot teaches a table which includes public key and public 
key associated with certificate (see column 5, lines 4-13). Secondly Van Oorschot 
discloses a directory, which is similar to directory X.509 and it is well known in the art 
that directory X.509 contains public keys (see column 6, lines 19-24). Thirdly Van 
Oorschot clearly teaches a table-containing certificate themselves (see column 9, lines 
15-17). Lastly Van Oorschot teaches obtaining the certificates from the directory 302 
(table) and this clearly shows the existence of the certificates in the directory (table) 
(see paragraph 9, lines 10-15). 

Claim Rejections • 35 USC § 102 
3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 
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A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

4. Claims 1-9 are rejected under 35 U.S.C. 102(e) as being anticipated Paul C. 
Van Oorschot et al. (US Patent NO. 6,134.550) 

Regarding Claim 1 

Van Oorschot teaches a method for filtering certificates issued from one or 
more certificate authorities (CA), the method comprising the steps of: receiving a 
certificate and storing the certificate (column 9, lines 27); preventing use of the 
certificate until validation (column 1, lines 50-55); identifying a certificate authority 
that has issued the certificate (column 5, lines 7-14); identifying a certificate 
authority filter by referring to a table, that comprises identification of at least one 
certificate authority filter( column4, lines 52-62); sending a request to the 
identified certificate authority filter (column 5, lines 14-17); receiving from the 
certificate authority filter a response to the request, the response comprising 
information related to the certificate authority that has issued the certificate and a 
public key of the certificate authority that has issued the certificate (column 5, 
lines 4-23); determining according to the response whether the certificate 
authority is a trusted certificate authority; and validating the certificate if the 
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certificate authority that has issued the certificate is a trusted certificate authority 
(column 5, lines 14-25).. 

Regarding Claim 2 

Van Oorschot teaches all limitation of the claim as applied to claim 1 
above and furthermore he teaches a method comprising the step of: discarding 
the certificate if the response indicates that the certificate authority that has 
issued the certificate is not a trusted certificate authority (column 8, lines 13-22). 

Regarding Claim 3 

Van Oorschot teaches all limitation of the claim as applied to claim 1 
above and furthermore he teaches a method, wherein the step of identifying the 
certificate authority that has issued the certificate comprises the further step of: 
retrieving an identification of the certificate authority from the certificate (column 
2, lines 26-28 and column 5, lines lines 4-13). 



Regarding Claim 4 

Van Oorschot teaches all limitation of the claim as applied to claim 1 
above and furthermore he teaches a method, wherein the step of sending a 
request to the identified certificate authority filter comprises the further step of: 
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including in said request an identification of the certificate authority that has 
issued the certificate (column 5, lines 7-13). 

Regarding Claim 5 

Van Oorschot teaches all limitation of the claim as applied to claim 1 
above and furthermore he teaches a method, wherein the response received 
from the certificate authority filter comprises a level of trust assigned to the 
certificate authority, and wherein the step of determining according to the 
response whether the certificate authority is a trusted certificate authority 
comprises the further step of: checking whether the level of trust assigned to the 
certificate authority corresponds to a level of trust of a trusted certificate authority 
(column2, lines 8-19) . 

Regarding Claim 6 

Van Oorschot teaches all limitation of the claim as applied to claim 1 
above and furthermore he teaches a method, wherein the step of validating the 
certificate comprises the further steps of: comparing the public key included in 
the response received from the certificate authority filter with a public key 
included in a response from a second certificate authority filter; and validating the 
certificate if the public key included in the response received from the certificate 
authority filter is the same as the public key received in the response from the 
second certificate authority filter (column2, lines 8-19). 
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Regarding Claim 7 

Van Oorschot teaches a method, in a certificate authority filter connected 
to a networl<, for filtering certificates issued from one or more certificate 
authorities, the method comprising the steps of: receiving a request comprising 
an identification of a certificate authority; identifying the certificate authority in 
said request (column 5, lines 14-25); finding in a table the certificate authority, 
the table comprising: identification of at least one certificate authority and a level 
of trust and a public key associated with each of said at least one 
certificate((column 5, lines 4-13)(examiner considers certificate chain data as 
applicant's table)) ; determining a level of trust of the identified certificate 
authority referring to said table ((column 5, lines 62-67)(examiner considers 
degree of trust as applicants level of trust)); retrieving a public key associated 
with the identified certificate authority referring to said table (column 2, lines 8- 
23); and sending a response to an originator of the request (column 6, lines 1- 
12), said response comprising the level of trust of the identified certificate 
authority and the public key associated with the identified certificate authority 
(column 5, lines 4-13 and 63-67) . 



Regarding Claim 8 

Van Oorschot teaches all limitation of the claim as applied to claim 7 
above and furthermore he teaches a method wherein said request further 
comprises an identification of a destination entity (column 5, lines 4-13)(examiner 
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considers target certification authority as applicant's destination entity). 



Regarding Claim 9 

Van Oorscliot teaches all limitation of the claim as applied to claim 8 
above and furthermore he teaches a method, wherein: the table further includes, 
associated with the certificate authority, the destination entity and a level of trust 
associated with the destination entity; and wherein the step of determining the 
level of trust further includes the step of determining the level of trust associated 
with the destination entity by referring to the table (column 1 1 , lines 24-49 and 
column 5, lines 62-67). 
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Conclusion 



5. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 




Ali Abyaneh 
Patent Examiner 
Art Unit 2137 
10-26-05 



